Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-30 07:42:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently.

Browse Source
This commit is contained in:
Ben Alex 2007-05-25 01:38:42 +00:00
parent 4f13db5552
commit 3b9a8dc53e
2 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java
View File

@ -140,7 +140,6 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication); Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication);
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication); String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
sessionRegistry.removeSessionInformation(sessionId);
sessionRegistry.registerNewSession(sessionId, principal); sessionRegistry.registerNewSession(sessionId, principal);
} }

6
core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
View File

@ -112,14 +112,12 @@ public class SessionRegistryImpl implements SessionRegistry,
} }
} }
public void registerNewSession(String sessionId, Object principal) public synchronized void registerNewSession(String sessionId, Object principal) {
throws SessionAlreadyUsedException {
Assert.hasText(sessionId, "SessionId required as per interface contract"); Assert.hasText(sessionId, "SessionId required as per interface contract");
Assert.notNull(principal, "Principal required as per interface contract"); Assert.notNull(principal, "Principal required as per interface contract");
if (getSessionInformation(sessionId) != null) { if (getSessionInformation(sessionId) != null) {
throw new SessionAlreadyUsedException("Session " + sessionId removeSessionInformation(sessionId);
+ " is already is use");
} }
sessionIds.put(sessionId, sessionIds.put(sessionId,